Slashdot Mirror


User: swillden

swillden's activity in the archive.


Comments · 18,006

  1. Re:Just two days of service? on Google Fiber Goes Down During World Series, Credits KC 2 Days of Service (pcmech.com) · · Score: 1

    For a 40-minute outage?

    The article was indicating people lost service for several hours, and it was not due to a fibre cut or damage to an individual customer's drop, so the SP was responsible, and it was no mere 40 minute outage.

    From TFA:

    Most lost service from shortly before 7 p.m. Tuesday until about 7:35 p.m.

    I had missed that it was longer for some, but for most it was a mere 40-minute outage. For the smaller number that had a longer outage, it was no more than about three hours, since service was fully restored by 10:15.

    How much would you pay for a gigabit connection with a business class SLA? A lot more than $70 per month.

    Do you see the problem with what you are suggesting? What do you think a SLA is, insurance?

    Yes, that's exactly what an SLA is, it's insurance. Outages are inevitable, and the closer you try to get to perfect service, the more it costs. An SLA provides a commitment to a specific level of availability, and remedies (usually financial -- like insurance) if those levels aren't met. It doesn't make sense to provide business-level SLAs (and associated fees) to residential customers.

    I have a T1 with an uptime SLA, and it's less than $100 a month.

    What's the agreement for your connection? How much uptime is promised, and what's the remedy if it's not met? $100 per month is pretty darned expensive for 1.54 mbps, BTW, so at that cost you should have an SLA, and some pretty decent committed outage remedies.

  2. It doesn't need to do either, because the warranty doesn't cover misuse, neglect, or deliberate harm.

    What, haven't you ever accidentally shot your phone?

  3. Re:Just two days of service? on Google Fiber Goes Down During World Series, Credits KC 2 Days of Service (pcmech.com) · · Score: 1

    Two days' worth of service is an insignificant credit compared to the loss, especially during a special event.

    For a 40-minute outage?

    Most providers of business IP... A couple hours' worth of outage would typically generate enough SLA credit to make an entire month and possibly two months' worth of service gratis.

    So how come it's so unusual for a residential ISP to waive even 2 days, after a few hours unscheduled downtime?

    Because residential services don't generally have an SLA, and cost much, much less for that reason. How much would you pay for a gigabit connection with a business class SLA? A lot more than $70 per month.

  4. A shatterproof screen?

    Challenge accepted...am I limited to the caliber of ammunition I can use, or is it unrestricted?

    That was my first thought as well. If it holds up to my 9mm I will be impressed. 5.56 and I will be shocked. If it stops the 7.62x54 from my Mosin then Motorola needs to be selling this stuff to the military as next generation body armor.

    It doesn't need to stop bullets, just not shatter when struck by them. A clean, round hole would satisfy the claim.

  5. Re:Pre-compute vs. responsive system on How Tesla's Autopilot and Google's Car Are Entirely Different Animals (robohub.org) · · Score: 1

    Google approach of map everything in excruciating detail has one big flaw

    That would be a big flaw... if it were Google's approach. It's not. Google's system analyzes what it sees in real-time. At present Google is sticking to areas that it has well-mapped, but that's not essential for the vehicle to operate.

  6. Re:Still not interested on How Tesla's Autopilot and Google's Car Are Entirely Different Animals (robohub.org) · · Score: 3, Insightful

    Or even, let the car go home to be available for other family members to use until it's time to come pick you up from work.

  7. Re: What is Solaris good for? on Oracle Bakes Security Into New Chips (theregister.co.uk) · · Score: 1

    That was the female version.

    That would be cojonas, assuming such a thing even made sense.

  8. Re:Always entertaining when salesmen try to talk t on Oracle Bakes Security Into New Chips (theregister.co.uk) · · Score: 1

    Colors? I bet he counts binary as "one potato, two potato, four potato".

    It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

    Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

    Not in this case. Pointer labeling and its anti-exploit value is still going to be opaque no matter what you call it, and you could apply any common word as the description and the non-technical would be fine using that as the hook. Oracle could be touting their new "porcupine" security technology, it would work as well from a sales perspective. Probably better.

  9. Re:What is Solaris good for? on Oracle Bakes Security Into New Chips (theregister.co.uk) · · Score: 1

    cajunas

    FYI, the word is "cojones".

  10. Re:The US wants Instant Gratification on Are Car Dealers a Business Worth Keeping? (vox.com) · · Score: 1

    I think they eliminated that process as part of the general dumbing-down of America.

    It wasn't eliminated. You can still do it. Dealers have an incentive to sell you something they have on the lot, rather than ordering, because they want the deal done now and because it clears their inventory. But you can still order, and for vehicles that offer rear axle ratio options, etc., you can choose what you want.

  11. Re:$120B worth of jobs on Are Car Dealers a Business Worth Keeping? (vox.com) · · Score: 1

    Squeezing $120 billion of efficiency out of a $400 billion industry by largely eliminating the jobs of people who we find irritating might not be the best course of action and could put 1 million irritating people in jobs that bother us even more.

    If you want to take money from my pocket to support people who don't have any useful skills, at least do it honestly and directly: tax me and give the skill-less a basic living stipend (and offer them education so they can stop being skill-less and make more money). If the people working for the dealerships have skills that can be usefully applied elsewhere in the economy, then your approach constitutes an economic double-whammy. It's a bad idea.

  12. Re:Let the Public Decide on Are Car Dealers a Business Worth Keeping? (vox.com) · · Score: 1

    There's more nuance to things in real life unfortunately. A car manufacturer can certainly get a competitive advantage over retailers since they own a monopoly on supply.

    If it were that simple there would be no middlemen in any industry, retailers and distributors would not exist. I read early theories about e-commerce which implied that we were going to move to a direct-purchase model for virtually everything that can be shipped, buying directly from manufacturers who drop-ship to consumers.

    But that hasn't happened.

    It turns out that retailers do add significant value, and for that reason they have a solid place in the marketplace. But it's not clear in this particular case that dealers actually do add value. And if they don't, then artificially preserving their local monopoly just means that we're paying people for make-work, raising prices and taking money out of consumers' wallets.

  13. Jargon is necessary on Investigating the Complexity of Academic Writing (theatlantic.com) · · Score: 1

    Complex syntax may be an affectation driven by cultural norms, but professional jargon is generally necessary. Jargon compresses large amounts of previously-understood knowledge into a word or a phrase. For example, in a paper I'm writing I just mentioned "counting bloom filter" and IND-CPA. Either of those concepts requires many pages of words to explain, and in turn references many more concepts that the layperson will not know. The full background required to fully understand each of those concepts, starting from zero, could easily fill a book.

    Even where jargon does have a common-language synonym, it's often the case that the jargon has many additional nuances to its meaning which aren't adequately captured by the common word. I'm sure there are some cases where jargon could be replaced by something more accessible without losing relevant meaning (e.g. I found myself tempted to use "semantic content" rather than "meaning", but other than being slightly less ambiguous, it wouldn't add much), but I doubt that using the more-accessible terms would significantly increase the accessibility of the paper.

    I think one of the clearest examples of this is Randall Munroe's various comics where he explains complex concepts with simple words. He does a good job, but I still strongly suspect that the only people who can really understand his "simple" explanations are those who already understand the bulk of the concepts being explained. He's writing a book that uses this same method throughout; we'll see if he manages any counterexamples.

  14. Re:Always entertaining when salesmen try to talk t on Oracle Bakes Security Into New Chips (theregister.co.uk) · · Score: 1

    NSA haxors it in 4ms, code gets into wild, end of story.

    Nope. This is the kind of exploit mitigation that has no single hack. It's something that every exploit author has to work around, and exactly how to do that will depend on the nature of the exploit. In particular, this promises to be devastating to ROP attacks, seriously reducing the number of gadgets available and how they can be combined. It doesn't make exploits impossible, but it makes many of them much harder, and some of them impossible.

  15. Re:Always entertaining when salesmen try to talk t on Oracle Bakes Security Into New Chips (theregister.co.uk) · · Score: 3, Informative

    Colors? I bet he counts binary as "one potato, two potato, four potato".

    It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

  16. Not useless on Oracle Bakes Security Into New Chips (theregister.co.uk) · · Score: 1

    This isn't a panacea, but neither is it useless. It's much like current versions of ASLR (Address Space Layout Randomization), which attempt to make it hard for attackers to guess where important bits of data/code are located in memory by randomizing where stuff is put in memory. The amount of randomization that current ASLR implementations provide is somewhat limited, so it only achieves a few bits of randomization, meaning that the attacker may still be able to guess the correct location with some trial and error.

    But layering enough of these sorts of obstacles on really does mean that in many cases an exploit chain that would be easy becomes much more difficult, or even impossible, and they don't impact legitimate code. In this case the color bits do consume some of the virtual address space, but we're talking about 64-bit pointers, which have space to spare.

  17. Re:Google's project Fi on Carriers Selling Your Data: a $24 Billion Business (adage.com) · · Score: 1

    Google of course is best positioned not only to sell this data

    https://privacy.google.com/#google-information

  18. Re:Duh... on Open Source Code Isn't a Warranty (opensource.com) · · Score: 1

    I have done such audits. You get 5 days to review 1000 lines of badly structured and undocumented code.

    Then you haven't done the audits I'm talking about. I have, and I've had my code audited. It takes many weeks, includes the active participation of the developers and is very thorough.

  19. Re:Duh... on Open Source Code Isn't a Warranty (opensource.com) · · Score: 1

    Open-sourcing the software/firmware in question is a necessary thing. That means it must be done. It is not a sufficient condition.

    I love open source, and I think the default approach for much software should be open, but it's neither necessary nor sufficient. The insufficiency is clear, at least in the short term. With regard to necessity, there are lots of other options. Here are a few:

    1. The vendor could be held liable for any and all security breaches and reliability problems due to their software. That is, they could be required to provide warranties/guarantees, and to be bonded to ensure that they can't skip out of payment by filing bankruptcy.

    2. The vendor could be required to submit to regular and thorough third-party audits. The audits would be performed under NDA so very few people would see the source, but good audits are both necessary and sufficient, whether the source is open or not.

    3. Government regulators could take responsibility for auditing and validating the source. This is just a variation on third-party audits, with a specific third party. It's worth pointing out, though, because it's actually pretty common.

    4. Organizations can use detailed and careful design and implementation methodologies. This, plus liability, is what makes aerospace code generally very good, even without actual audits.

    I think in most cases open source is easier, cheaper and better, and it's my default option. But it's not actually necessary.

  20. Re:Higher performance assumes higher energy use on Immersion Cooling Drives Server Power Densities To Insane New Heights (datacenterfrontier.com) · · Score: 1

    Energy costs would be zero.

    No, energy cost would be the cost of the solar panel, amortized over the number of computations the unit performed during the lifetime of the panel.

    If batteries get cheap enough, they could be incorporated to allow processing to continue at night

    In which case you need to include the cost of the batteries in your estimate of energy cost.

    It's possible that your idea could be very cost-efficient, but definitely not zero.

  21. Re:Voice from that hot and wet hole. on Immersion Cooling Drives Server Power Densities To Insane New Heights (datacenterfrontier.com) · · Score: 1

    Most minerals have intrinsic utility. Gold is useful as both a conductor and as a reflective coating. Silver is useful in various chemical compounds. Platinum and iridium are very useful catalysts.

    And aluminum, once far more valuable than gold, is also extraordinarily useful due to its combination of light weight, strength, flexibility and corrosion resistance. Today, gold is worth approximately 28,000 times as much as aluminum. Why? Because aluminum is no longer rare, not because gold is 28,000 times as useful, industrially. Should we discover a massive quantity of gold on earth, or tow a multi-million ton asteroid of the metal into earth orbit and start sending chunks down, or find a cost-effective way to synthesize it from other elements, then the value of gold will evaporate, like aluminum did. The value of copper will fall, too, since gold will take over all of its large-volume uses.

    A better comparison would have been to fiat currency, which is equally useless except as a means of economic exchange.

    Debt-based fiat currency is at least based on a promise of future goods and services. The precise value of those future goods and services is unknown... but so is the future value of yellow metal. Barring some significant loss of confidence in fiat currency, it has the singular advantage that it will continue to be in demand, because the amount available is limited (by fiat). So as long as everyone else is confident that you'll be able to exchange it in the future for whatever goods and services you want, you will. Minerals are subject to uncontrolled and uncontrollable externalities.

    At bottom, any currency is a bet that it will retain its value in the future. There are no guarantees. But given a moderately stable society, debt can be more reliable than any mineral. Or not. It depends.

  22. The whole system results in a massive waste of energy for an inefficient currency.

    Cite? Transactions with traditional currencies aren't free, you know. The bookkeeping, auditing, forensics and prosecutions needed to keep normal transactions sufficiently secure do have a significant real-world cost. Not so much in energy, I'd expect, but much more in person-hours. How does bitcoin compare, all costs considered? I don't know. If you know of some research that tries to answer this question with data, I'd very much like to see it.

  23. Re:+1 for privacy supporters -1 for gun control on Judge: Defendant 'Had a Right' To Shoot Down Drone (wdrb.com) · · Score: 1

    Unfortunately for you you're wrong: it was found that the downside of firing birdshot into the air is less than the downside of allowing drone operators to film someone else's backyard. Both are downsides but a court felt that the value of having one outweighed the value of having the other.

    I hope that wasn't what happened in this case. If the law says firing a gun within the city is illegal then it should be illegal regardless of other criminality in the vicinity. If defending your property is a clear exception to the law then what happened here is that it was decided that this shooting fell within that definition.

    Which is exactly what happened. I'm not going to bother looking up the Kentucky law, but it definitely contains a statute that provides justification as a defense. For comparison, here's what the Utah (my state) statute says:

    (1) Conduct which is justified is a defense to prosecution for any offense based on the conduct. The defense of justification may be claimed:
    (a) when the actor's conduct is in defense of persons or property under the circumstances described in Sections 76-2-402 through 76-2-406 of this part;

    This is very typical. Instead of calling out specific exceptions in every part of the criminal code, they just have one statute defining justification, its scope of applicability and its limitations.

    Although we love to laugh at all of the times that the law doesn't make sense, by and large it pretty much does. Especially criminal law.

  24. Re:Gonna need a reference here... on US Military Websites Still Relying On SHA-1 (netcraft.com) · · Score: 1

    Correct, but note the chosen-prefix collision algorithm (sufficient for forging certs) proved to be easier in md5 than full second pre-image computation.

    Yes, that's the attack I mentioned, which required not only chosen-prefix collisions, but also the freedom to choose the public keys for both certs.

  25. Re:Don't bank on your cellphone. on Chase and MasterCard Jump Into Mobile Payments (itworld.com) · · Score: 1

    No, it is not as secure as your desktop or laptop.

    That statement could not be more wrong. The typical mobile device is significantly more secure than the typical desktop or laptop. Desktops (and laptops; I'm going to stop distinguishing) aren't quite as bad in 2015 as they were a few years ago, but they're still hugely more likely to be infected with various sorts of malware, to be part of a botnet, etc.

    Fundamentally, this is because desktop OSes were designed before security really became a significant concern, and mobile OSes were designed after. Mobile OSes provide much stronger sandboxing of apps, and the sandboxes restrict apps from using sensitive system services or interacting with any other apps by default, and allow apps to obtain more permissions only in controlled ways. By default all app data is restricted from access by all other apps; unless app A goes out of its way to place data where app B can get it, app B can't, regardless of the permissions B requests. In addition, nearly all mobile apps are installed from curated repositories.

    In contrast, on a desktop (even Linux!) app separation is only by user account. Any app installed by you has access to any data managed by any other app installed by you. And apps come from many sources, including random collections of online repositories of malware-ridden games.

    The only remotely justifiable counterargument is that desktop OSes tend to get security updates more regularly than typical Android devices. That means that it's likely to be more possible on a given Android device (and the typical mobile device is Android, not iOS or Windows) to violate the security restrictions imposed by the OS. However, as described above, most desktop OSes don't actually impose many security restrictions on apps and content owned by a given user, so I think this point is largely moot. Which is easier to exploit, an OS with a restrictive security model but known vulnerabilities, or an OS with a totally permissive security model? The latter is easier by far, because there's no need to even bother with exploits.

    I think we're also going to see over the next couple of years that the Android update problem gets fixed, at least by the major vendors, so even that counterargument is going away.